package com.yc.resfoods.config;

import com.yc.resfoods.controller.JwtAuthenticationEntryPoint;
import com.yc.resfoods.filters.JwtRequestsFilter;
import io.jsonwebtoken.ExpiredJwtException;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;

/**
 * @ClassName WebSecurityConfig
 * @since: 2023/8/21 15:18
 * @auth: kirito
 * @description: 允许对WebSecurity和HttpSecurity进行自定义
 **/
@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
    @Autowired
    private JwtAuthenticationEntryPoint jwtAuthenticationEntryPoint; //出错了的处理类
    @Autowired
    private UserDetailsService jwtUserDetailsService; //业务类
    @Autowired
    private JwtRequestsFilter jwtRequestsFilter; //过滤器



    //    @Bean
    public PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }

    @Bean
    @Override
    public AuthenticationManager authenticationManagerBean() throws Exception {
        return super.authenticationManagerBean();
    }
    @Autowired
    public void configureGlobal(AuthenticationManagerBuilder auth)throws Exception {
        //配置AuthenticationMannager 使其知道从何处（jwtuserDetailsService）加载匹配凭据的用户
        //auth 组装  组装加密算法
        auth.userDetailsService(jwtUserDetailsService).passwordEncoder(passwordEncoder());
    }

    @Override
    protected void configure(HttpSecurity httpSecurity) throws Exception {
        //关闭csrf跨站请求伪造
        httpSecurity.csrf().disable()
                //不验证此特定请求
            .authorizeRequests().antMatchers("/ressecurity/test/bye","/ressecurity/resfood/code.action","/ressecurity/resfood/resuser.action","/swagger-ui/**","/api/**","/webjars/**","/swagger-ui.html","/swagger-resources/**","/v3/api-docs").permitAll()
                //所有其他请求都需要经过身份验证
            .anyRequest().authenticated().and()
                //确保我们使用无状态会话 会话不会用于存储用户的状态
            .exceptionHandling().authenticationEntryPoint(jwtAuthenticationEntryPoint)
            .and().sessionManagement()
            .sessionCreationPolicy(SessionCreationPolicy.STATELESS);
        //添加一个筛选器 以验证每个请求的令牌
        httpSecurity.addFilterBefore(jwtRequestsFilter, UsernamePasswordAuthenticationFilter.class);
    }


}
